SB2020022506 - Multiple vulnerabilities in D-Link DIR-867, DIR-878 and DIR-882 routers

Description

This security bulletin contains information about 2 vulnerabilities.

1) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2020-8863)

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to to bypass authentication process.

The vulnerability exists due to a lack of proper implementation of the authentication algorithm within the handling of HNAP PrivateLogin login requests. A remote attacker on the local network can bypass authentication and reset the admin password.

An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router.

2) Incorrect Comparison (CVE-ID: CVE-2020-8864)

CWE-ID: CWE-697 - Incorrect Comparison

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a lack of proper handling of empty passwords within the handling of HNAP strncmp login requests. A remote attacker on the local network can bypass authentication and reset the admin password.

An attacker can leverage this vulnerability to execute arbitrary code on the router.

Remediation

Install update from vendor's website.

References

• https://www.zerodayinitiative.com/advisories/ZDI-20-267/
• https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157
• https://www.zerodayinitiative.com/advisories/ZDI-20-268/